UFONet – DDoS attacks via Web Abuse (XSS/CSRF)

UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet.

See this links for more info:
CWE-601:Open Redirect
OWASP:URL Redirector Abuse

Main features:

--version             show program's version number and exit
-v, --verbose active verbose on requests
--check-tor check to see if Tor is used properly
--update check for latest stable version

*Configure Request(s)*:
--proxy=PROXY Use proxy server (tor: http://localhost:8118)
--user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default SPOOFED)
--host=HOST Use another HTTP Host header (default NONE)
--xforw Set your HTTP X-Forwarded-For with random IP values
--xclient Set your HTTP X-Client-IP with random IP values
--timeout=TIMEOUT Select your timeout (default 30)
--retries=RETRIES Retries when the connection timeouts (default 1)
--delay=DELAY Delay in seconds between each HTTP request (default 0)

*Manage Botnet*:
-s SEARCH Search 'zombies' on google (ex: -s 'proxy.php?url=')
--sn=NUM_RESULTS Set max number of result to search (default 10)
-t TEST Test list of web 'zombie' servers (ex: -t zombies.txt)

*Configure Attack(s)*:
-r ROUNDS Set number of 'rounds' for the attack (default: 1)
-b PLACE Set a place to 'bit' on target (ex: -b /path/big.jpg)
-a TARGET Start a Web DDoS attack (ex: -a http(s)://target.com)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s